#VU49739 Improper input validation in Oracle Communications Session Report Manager - CVE-2020-5421


| Updated: 2021-01-21

Vulnerability identifier: #VU49739

Vulnerability risk: Medium

CVSSv4.0: 5.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-5421

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Oracle Communications Session Report Manager
Server applications / Other server solutions

Vendor: Oracle

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core (Spring Framework) component in Oracle Communications Session Report Manager. A remote authenticated user can exploit this vulnerability to read and manipulate data.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Oracle Communications Session Report Manager: 8.2.2

External links
https://www.oracle.com/security-alerts/cpujan2021.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Storage Copy Data Management
Multiple vulnerabilities in IBM watsonx.data
Multiple vulnerabilities in IBM MobileFirst Platform Foundation
Improper input validation in Identity Manager
Multiple vulnerabilities in IBM Engineering Requirements Management DOORS/DWA
Multiple vulnerabilities in IBM Cognos Controller
Multiple vulnerabilities in IBM Tivoli Netcool Configuration Manager
Multiple vulnerabilities in Autodesk InfraWorks
Multiple vulnerabilities in IBM Security Risk Manager on CP4S
Improper input validation in IBM Security Guardium